feat(ci): add weekly recipe-health-refresh workflow #1320
Clone bom-refresh.yaml to keep docs/user/recipe-health.md current via a weekly, drift-only bot PR (ADR-009 §5, closes NVIDIA#1230). Mondays 06:30 UTC (offset from bom-refresh's 06:00 so the two bot PRs don't contend for runners or /ok re-fire) plus workflow_dispatch; global contents:read with the job escalating to contents:write + pull-requests:write; peter-evans create-pull-request onto chore/health-refresh, labeled documentation / area/docs / area/recipes, on the built-in GITHUB_TOKEN. The one deliberate divergence from bom-refresh: no Helm setup — the health generator is render-free, so the refresh is hermetic and network-free. Per ADR-009 §5 the step summary is the only home for the structural per-dimension states (resolves / chart_pinned / constraints_wellformed), which the committed matrix omits. To surface them, tools/health gains a -summary-out flag and a renderDetail pass (per-dimension tally + per-recipe table), wired through a new `make recipe-health-summary` target the workflow points at $GITHUB_STEP_SUMMARY. Matrix rendering is unchanged.
Walkthrough
This PR adds a weekly GitHub Actions workflow (cron + dispatch) that regenerates docs/user/recipe-health.md, writes per-dimension structural detail to the GitHub step summary, and opens/updates a drift-only PR on branch chore/health-refresh. It adds a Makefile target and a -summary-out flag in tools/health to append a deterministic "Structural detail" Markdown section (per-dimension tallies and per-recipe dimension-state matrix) with safe table-cell escaping. Tests validate rendering content, determinism, note normalization, "not scored" handling, and summary append behavior.
Estimated code review effort: 3 (Moderate), ~25 minutes
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/recipe-health-refresh.yaml:
- Around line 47-49: Add a brief inline comment above the permissions block
explaining why elevated job-level permissions are required: state that contents:
write and pull-requests: write are needed so the workflow can create and update
the "drift-only" pull request (or create/update repository contents) as part of
the recipe-health refresh job; reference the permissions block and the specific
keys contents: write and pull-requests: write so reviewers can see the
justification at a glance.
- Around line 32-37: Add a top-level GitHub Actions concurrency block to this
workflow to prevent overlapping runs that update the same branch; add a
concurrency key (e.g., concurrency: { group:
"recipe-health-refresh-chore/health-refresh", cancel-in-progress: true }) at the
workflow root so scheduled and manual (workflow_dispatch) runs are serialized
and in-progress runs are cancelled when a new run starts — update the YAML
around the existing on: (schedule / workflow_dispatch) stanza to include this
concurrency configuration referencing the fixed branch name
`chore/health-refresh`.
Files selected for processing (6):
- .github/workflows/recipe-health-refresh.yaml
- Makefile
- docs/design/009-recipe-health-tracking.md
- tools/health/main.go
- tools/health/main_test.go
- tools/health/markdown.go
mchmarny left a comment
Clean structural clone of bom-refresh.yaml for the weekly recipe-health matrix refresh; the writeRendered extraction is a nice tidy-up and the detailNotes table-injection hardening is well-tested. One medium worth addressing before merge: the bot is told to apply a documentation label, which isn't a real repo label (only area/*/theme/* exist — see #1315). It's inherited from bom-refresh.yaml, so not introduced here, but this PR also edits the ADR line that documents it. Plus one optional nit. Nothing blocks merge.
Summary
Add `.github/workflows/recipe-health-refresh.yaml`, a weekly drift-only bot PR that keeps `docs/user/recipe-health.md` current, plus the `tools/health` support needed to surface per-dimension detail in the run's step summary.

Motivation / Context
ADR-009 §5 calls for the public recipe-health matrix to stay current via a weekly, drift-only bot PR — a structural clone of the proven `bom-refresh.yaml` loop. V1 health changes only on code/registry/chart merges, so a weekly cadence (not daily) is correct, and the job is offset from `bom-refresh` so the two Monday bot PRs don't contend for runners or `/ok` re-fire.

Fixes: #1230
Related: #1224 (epic), #1229 (the `recipe-health-docs` target + committed matrix)

Component(s) Affected
- `cmd/aicr`, `pkg/cli`
- `cmd/aicrd`, `pkg/server`
- `pkg/recipe`
- `pkg/bundler`, `pkg/component/*`
- `pkg/collector`, `pkg/snapshotter`
- `pkg/validator`
- `pkg/errors`, `pkg/k8s`
- `docs/`, `examples/`
- `.github/workflows/`, `tools/health`, `Makefile`

Implementation Notes
Structurally mirrors `bom-refresh.yaml` (same pinned action SHAs, global `contents: read` with the job escalating to `contents: write` + `pull-requests: write`, `peter-evans/create-pull-request` on the built-in `GITHUB_TOKEN`, branch `chore/health-refresh`, `delete-branch: true`, labels `documentation` / `area/docs` / `area/recipes`), with one deliberate divergence: no Helm setup — the health generator is render-free, so the refresh is hermetic and network-free.

Per ADR-009 §5 the step summary is the only home for the structural per-dimension states (`resolves` / `chart_pinned` / `constraints_wellformed`), which the committed matrix omits. To surface them, `tools/health` gains a `-summary-out` flag and a `renderDetail` pass (per-dimension tally + per-recipe table), wired through a new `make recipe-health-summary` target that the workflow points at `$GITHUB_STEP_SUMMARY`. The detail is appended (not truncated) per the `$GITHUB_STEP_SUMMARY` contract, and renders in a fixed dimension order so it stays byte-stable. Matrix rendering is unchanged — verified the matrix functions are untouched and the change to `markdown.go` is purely additive.

Testing
`tools/health` coverage 81.1%; new functions 87–100%. No new exported symbols. `-race` was not run locally (no cgo/gcc in this environment) — CI's race job covers it.

Risk Assessment
Rollout notes: New scheduled workflow; first run can be triggered manually via `workflow_dispatch`. No migration. Fully revertable by deleting the workflow file. Note: the matrix it refreshes is published by #1229 (open) — until that lands, the first run's PR will include the initial matrix body rather than an incremental drift.

Checklist
- `make test` with `-race`
- `make lint`
- `git commit -S`
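The `renderDetail` pass and the table-cell escaping that the Implementation Notes describe, as an added Go example (not the project's own `tools/health` code); the `RecipeDetail` type, the pass/fail encoding, the note field and the sample recipes are assumptions constructed here.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Fixed dimension order keeps the section byte-stable; names below are assumptions, not tools/health's own.
var dimensionOrder = []string{"resolves", "chart_pinned", "constraints_wellformed"}

// RecipeDetail is a constructed stand-in for one recipe's structural states.
type RecipeDetail struct {
	Name  string
	State map[string]bool // dimension -> pass/fail
	Note  string          // free text from recipe metadata; treated as untrusted
}

// escapeCell neutralises "|" (new column) and newlines (new row) so a crafted note cannot inject rows into $GITHUB_STEP_SUMMARY.
func escapeCell(s string) string {
	s = strings.ReplaceAll(s, "\\", "\\\\")
	s = strings.ReplaceAll(s, "|", "\\|")
	s = strings.NewReplacer("\r\n", " ", "\n", " ", "\r", " ").Replace(s)
	return strings.TrimSpace(s)
}

// renderDetail renders the "Structural detail" section: per-dimension tally then a per-recipe table, sorted by name for determinism.
func renderDetail(recipes []RecipeDetail) string {
	sorted := append([]RecipeDetail(nil), recipes...)
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].Name < sorted[j].Name })
	tally, rows := map[string]int{}, ""
	for _, r := range sorted {
		cells := []string{escapeCell(r.Name)}
		for _, dim := range dimensionOrder {
			state := "fail"
			if r.State[dim] {
				state, tally[dim] = "pass", tally[dim]+1
			}
			cells = append(cells, state)
		}
		rows += "| " + strings.Join(append(cells, escapeCell(r.Note)), " | ") + " |\n"
	}
	out := "## Structural detail\n\n"
	for _, dim := range dimensionOrder {
		out += fmt.Sprintf("- %s: %d/%d pass\n", dim, tally[dim], len(sorted))
	}
	out += "\n| recipe | " + strings.Join(dimensionOrder, " | ") + " | note |\n"
	out += "|" + strings.Repeat("---|", len(dimensionOrder)+2) + "\n"
	return out + rows
}
```

Appending the returned string to the file named by `$GITHUB_STEP_SUMMARY` (rather than truncating it) matches the append contract the notes describe.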